Schneier on Security
A blog covering security and security technology.
More about the NSA's Tailored Access Operations Unit
Der Spiegel has a good article on the NSA's Tailored Access Operations unit: basically, its hackers.
"Getting the ungettable" is the NSA's own description of its duties. "It is not about the quantity produced but the quality of intelligence that is important," one former TAO chief wrote, describing her work in a document. The paper seen by SPIEGEL quotes the former unit head stating that TAO has contributed "some of the most significant intelligence our country has ever seen." The unit, it goes on, has "access to our very hardest targets."
The article also has more details on how QUANTUM -- particularly, QUANTUMINSERT -- works.
Until just a few years ago, NSA agents relied on the same methods employed by cyber criminals to conduct these implants on computers. They sent targeted attack emails disguised as spam containing links directing users to virus-infected websites. With sufficient knowledge of an Internet browser's security holes -- Microsoft's Internet Explorer, for example, is especially popular with the NSA hackers -- all that is needed to plant NSA malware on a person's computer is for that individual to open a website that has been specially crafted to compromise the user's computer. Spamming has one key drawback though: It doesn't work very often.
Another article discusses the various tools TAO has at its disposal.
A document viewed by SPIEGEL resembling a product catalog reveals that an NSA division called ANT has burrowed its way into nearly all the security architecture made by the major players in the industry -- including American global market leader Cisco and its Chinese competitor Huawei, but also producers of mass-market goods, such as US computer-maker Dell.
The German version of the article had a couple of pages from the 50-page catalog of tools; they're now on Cryptome. Leaksource has the whole TOP SECRET catalog; there's a lot of really specific information here about individual NSA TAO ANT devices. (We don't know what "ANT" stands for. Der Spiegel speculates that it "stands for Advanced or Access Network Technology.") For example:
(TS//SI//REL) SOUFFLETROUGH is a BIOS persistence implant for Juniper SSG 500 and SSG 300 series firewalls. It persists DNT's BANANAGLEE software implant. SOUFFLETROUGH also has an advanced persistent back-door capability.
And NIGHTSTAND:
(TS//SI//REL) An active 802.11 wireless exploitation and injection tool for payload/exploit delivery into otherwise denied target space. NIGHTSTAND is typically used in operations where wired access to the target is not possible.
NIGHTSTAND can work from as far away as eight miles, and "the attack is undetectable by the user."
One more:
(TS//SI//REL) DROPOUTJEEP is a software implant for Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device, SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control, and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted.
There's lots more in the source document. And note that this catalog is from 2008; presumably, TAO's capabilities have improved significantly in the past five years.
And -- back to the first article -- TAO can install many of the hardware implants when a target orders new equipment through the mail:
If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called "load stations," agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer.
They can install the software implants using techniques like QUANTUM and FOXACID.
Remember, this is not just about the NSA. The NSA shares these tools with the FBI's black bag teams for domestic surveillance, and presumably with the CIA and DEA as well. Other countries are going to have similar bags of tricks, depending on their sophistication and budgets. And today's secret NSA programs are tomorrow's PhD theses, and the next day's criminal hacking tools. Even if you trust the NSA to only spy on "enemies," consider this an advance warning of what we have to secure ourselves against in the future.
I'm really happy to see Jacob Appelbaum's byline on the Der Spiegel stories; it's good to have someone of his technical ability reading and understanding the documents.
Slashdot thread. Hacker News thread. MetaFilter thread. Ars Technica article. Wired article. Article on Appelbaum's talk at 30c3.
Tuesday, December 31, 2013
NSA: CYBERCRIMINALS